added basic HTTP authentication for accessing the router console (if a consolePassword is specified in the router.config)
unfortunately, this password setting is only read on router startup...
@ -1,13 +1,22 @@
|
|||||||
package net.i2p.router.web;
|
package net.i2p.router.web;
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
|
import net.i2p.router.RouterContext;
|
||||||
|
|
||||||
import org.mortbay.jetty.Server;
|
import org.mortbay.jetty.Server;
|
||||||
|
import org.mortbay.jetty.servlet.WebApplicationContext;
|
||||||
|
import org.mortbay.http.handler.SecurityHandler;
|
||||||
|
import org.mortbay.http.HashUserRealm;
|
||||||
|
import org.mortbay.http.HttpRequest;
|
||||||
|
import org.mortbay.http.SecurityConstraint;
|
||||||
import org.mortbay.util.MultiException;
|
import org.mortbay.util.MultiException;
|
||||||
|
|
||||||
public class RouterConsoleRunner {
|
public class RouterConsoleRunner {
|
||||||
private Server _server;
|
private Server _server;
|
||||||
private String _listenPort = "7657";
|
private String _listenPort = "7657";
|
||||||
private String _listenHost = "0.0.0.0";
|
private String _listenHost = "127.0.0.1";
|
||||||
private String _webAppsDir = "./webapps/";
|
private String _webAppsDir = "./webapps/";
|
||||||
|
|
||||||
public RouterConsoleRunner(String args[]) {
|
public RouterConsoleRunner(String args[]) {
|
||||||
@ -25,10 +34,15 @@ public class RouterConsoleRunner {
|
|||||||
|
|
||||||
public void startConsole() {
|
public void startConsole() {
|
||||||
_server = new Server();
|
_server = new Server();
|
||||||
|
WebApplicationContext contexts[] = null;
|
||||||
try {
|
try {
|
||||||
_server.addListener(_listenHost + ':' + _listenPort);
|
_server.addListener(_listenHost + ':' + _listenPort);
|
||||||
_server.setRootWebApp("routerconsole");
|
_server.setRootWebApp("routerconsole");
|
||||||
_server.addWebApplications(_webAppsDir);
|
contexts = _server.addWebApplications(_webAppsDir);
|
||||||
|
if (contexts != null) {
|
||||||
|
for (int i = 0; i < contexts.length; i++)
|
||||||
|
initialize(contexts[i]);
|
||||||
|
}
|
||||||
} catch (IOException ioe) {
|
} catch (IOException ioe) {
|
||||||
ioe.printStackTrace();
|
ioe.printStackTrace();
|
||||||
}
|
}
|
||||||
@ -39,6 +53,41 @@ public class RouterConsoleRunner {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private void initialize(WebApplicationContext context) {
|
||||||
|
String password = getPassword();
|
||||||
|
if (password != null) {
|
||||||
|
HashUserRealm realm = new HashUserRealm();
|
||||||
|
realm.put("admin", password);
|
||||||
|
realm.addUserToRole("admin", "routerAdmin");
|
||||||
|
context.setRealm(realm);
|
||||||
|
context.addHandler(0, new SecurityHandler());
|
||||||
|
SecurityConstraint constraint = new SecurityConstraint("admin", "routerAdmin");
|
||||||
|
constraint.setAuthenticate(true);
|
||||||
|
context.addSecurityConstraint("/", constraint);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private String getPassword() {
|
||||||
|
List contexts = RouterContext.listContexts();
|
||||||
|
if (contexts != null) {
|
||||||
|
for (int i = 0; i < contexts.size(); i++) {
|
||||||
|
RouterContext ctx = (RouterContext)contexts.get(i);
|
||||||
|
String password = ctx.getProperty("consolePassword");
|
||||||
|
if (password != null) {
|
||||||
|
password = password.trim();
|
||||||
|
if (password.length() > 0) {
|
||||||
|
return password;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
// no password in any context
|
||||||
|
return null;
|
||||||
|
} else {
|
||||||
|
// no contexts?!
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
public void stopConsole() {
|
public void stopConsole() {
|
||||||
try {
|
try {
|
||||||
_server.stop();
|
_server.stop();
|
||||||
|
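Review bot: In the third hunk, getPassword() returns null both when no consolePassword is configured and when RouterContext.listContexts() returns null (the `// no contexts?!` branch) or an empty list, and initialize() treats null as "install no realm and no constraint". A console that starts before a RouterContext is registered would therefore come up unauthenticated even though router.config sets a password, with nothing logged. The missing-context case should be told apart from the no-password case and fail closed, for example `throw new IllegalStateException("no RouterContext available; consolePassword cannot be read");` in that branch. In startConsole(), whose body continues outside the hunk, a null return from addWebApplications() skips initialize() silently; whether that can occur depends on Jetty code not shown here. getPassword() also deserves a comment that the first non-blank password across all contexts wins, so with several routers in one JVM the effective password depends on list order.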
@ -160,6 +160,15 @@ clientApp.2.args=-nocli -e "config localhost ##_router_i2cp_port##" -e "httpclie
|
|||||||
#clientApp.3.main=net.i2p.router.web.RouterConsoleRunner
|
#clientApp.3.main=net.i2p.router.web.RouterConsoleRunner
|
||||||
#clientApp.3.name=webConsole
|
#clientApp.3.name=webConsole
|
||||||
#clientApp.3.args=7657 127.0.0.1 ./webapps/
|
#clientApp.3.args=7657 127.0.0.1 ./webapps/
|
||||||
|
#clientApp.3.onBoot=true
|
||||||
|
|
||||||
|
# To require simple HTTP authentication for accessing any of the pages underneath the web console
|
||||||
|
# (including any other webapps deployed), uncomment the following line and set the password
|
||||||
|
# accordingly (the username is 'admin'). If the following is commented out, or is blank, then
|
||||||
|
# no password will be required, and anyone will be able to access your router console (and change
|
||||||
|
# settings, etc). This is only used for the new jetty console (started in clientApp.3.* above)
|
||||||
|
#
|
||||||
|
#consolePassword=fooBarBaz
|
||||||
|
|
||||||
# Network monitor (harvests data from the network database and stores it under
|
# Network monitor (harvests data from the network database and stores it under
|
||||||
# monitorData/, and with the netviewer GUI you can browse through its results)
|
# monitorData/, and with the netviewer GUI you can browse through its results)
|
||||||
|
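Review bot: The new comment block leaves out three things an operator relying on this setting needs to know. The value is kept in cleartext in router.config. HTTP basic authentication sends it unencrypted on every request over the plain listener, so it protects the console only while the address in clientApp.3.args is not reachable from an untrusted network. The commit message says the value is read only at router startup, which belongs here as well. I would add `# The password is stored here in cleartext and is sent unencrypted by the browser; keep the console bound to 127.0.0.1.` and `# Changes take effect only after a router restart.`, and swap the sample `fooBarBaz` for an obvious placeholder so the line is not uncommented as-is.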